
/*
* Licensed to The OpenNMS Group, Inc (TOG) under one or more
* contributor license agreements. See the LICENSE.md file
* distributed with this work for additional information
* regarding copyright ownership.
*
* TOG licenses this file to You under the GNU Affero General
* Public License Version 3 (the "License") or (at your option)
* any later version. You may not use this file except in
* compliance with the License. You may obtain a copy of the
* License at:
*
* https://www.gnu.org/licenses/agpl-3.0.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.opennms.web.api;
import java.io.File;
import java.io.FileInputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import org.opennms.core.utils.BundleLists;
import org.opennms.core.utils.ConfigFileConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* An uninstantiatable class that provides a servlet container-independent
* interface to the authentication system and a list of useful constants.
*
* A predefined list of roles will be used. Optionally, it is possible to
* define additional roles by creating a file called security-roles.properties.
*
* Here is an example for adding 2 additional roles:
*
* roles=operator,manager
*
* The 'default' roles are always going to be added, so the above list is
* equivalent to:
*
* roles=user,admin,operator,manager
*
* Each role name is converted to upper case and prefixed with 'ROLE_'.
*
* @author Lawrence Karnowski
* @author Alejandro Galue
*/
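public final class Authentication {
    private static final Logger LOG = LoggerFactory.getLogger(Authentication.class);

    /** Name of the optional properties file, resolved under {@code <home>/etc}, that lists additional roles. */
    public static final String ROLE_CONFIGURATION_FILE = "security-roles.properties";

    // Built-in role names; all of them are registered by the static initializer below.
    public static final String ROLE_USER = "ROLE_USER";
    public static final String ROLE_ADMIN = "ROLE_ADMIN";
    public static final String ROLE_READONLY = "ROLE_READONLY";
    public static final String ROLE_DASHBOARD = "ROLE_DASHBOARD";
    public static final String ROLE_DELEGATE = "ROLE_DELEGATE";
    public static final String ROLE_RTC = "ROLE_RTC";
    public static final String ROLE_PROVISION = "ROLE_PROVISION";
    public static final String ROLE_REST = "ROLE_REST";
    public static final String ROLE_ASSET_EDITOR = "ROLE_ASSET_EDITOR";
    public static final String ROLE_FILESYSTEM_EDITOR = "ROLE_FILESYSTEM_EDITOR";
    public static final String ROLE_MOBILE = "ROLE_MOBILE";
    public static final String ROLE_JMX = "ROLE_JMX";
    public static final String ROLE_MINION = "ROLE_MINION";
    public static final String ROLE_REPORT_DESIGNER = "ROLE_REPORT_DESIGNER";
    public static final String ROLE_FLOW_MANAGER = "ROLE_FLOW_MANAGER";
    public static final String ROLE_DEVICE_CONFIG_BACKUP = "ROLE_DEVICE_CONFIG_BACKUP";

    /**
     * Built-in roles followed by the roles read from the configuration file.
     * Entries are only ever appended: a role that is later deleted from the file
     * stays in this list, and keeps passing {@link #isValidRole(String)}, for the
     * lifetime of this class.
     */
    // NOTE(review): this list and lastModified are shared static state and nothing
    // here locks them. If these methods can be reached from several threads at once
    // (TODO confirm against callers), loadRoles() and readers of the list need a guard.
    private static final List<String> s_availableRoles = new ArrayList<>();

    /** Modification time of the configuration file at the last load attempt; 0 before the first attempt. */
    private static long lastModified = 0;

    static {
        Collections.addAll(s_availableRoles,
                ROLE_USER,
                ROLE_ADMIN,
                ROLE_READONLY,
                ROLE_DASHBOARD,
                ROLE_DELEGATE,
                ROLE_RTC,
                ROLE_PROVISION,
                ROLE_REST,
                ROLE_ASSET_EDITOR,
                ROLE_FILESYSTEM_EDITOR,
                ROLE_MOBILE,
                ROLE_JMX,
                ROLE_MINION,
                ROLE_REPORT_DESIGNER,
                ROLE_FLOW_MANAGER,
                ROLE_DEVICE_CONFIG_BACKUP);
    }

    /** Private, empty constructor so this class cannot be instantiated. */
    private Authentication() {
    }

    /**
     * Returns the known role names, reloading the configuration file first if it changed.
     *
     * @return an unmodifiable view (not a copy) of the role list; roles added by a
     *         later reload become visible through a previously returned view
     */
    public static List<String> getAvailableRoles() {
        loadRoles();
        return Collections.unmodifiableList(s_availableRoles);
    }

    /**
     * Checks whether a role name is known, reloading the configuration file first if it changed.
     *
     * @param role the full role name including the {@code ROLE_} prefix; the match is
     *             exact and case-sensitive
     * @return {@code true} if the role is built in or was loaded from the configuration
     *         file; {@code false} otherwise, including for {@code null}
     */
    public static boolean isValidRole(String role) {
        loadRoles();
        return s_availableRoles.contains(role);
    }

    /**
     * Appends the roles listed under the {@code roles} property of the configuration
     * file, if that file exists and is newer than the last load attempt. Each listed
     * name is upper-cased and prefixed with {@code ROLE_}; names already present are
     * skipped. Any failure is logged at WARN level and otherwise ignored, which
     * leaves the roles collected so far in place.
     */
    private static void loadRoles() {
        File configFile = new File(ConfigFileConstants.getHome(), "etc" + File.separator + ROLE_CONFIGURATION_FILE);
        // Read the timestamp once so the comparison and the stored value cannot disagree.
        long modified = configFile.lastModified();
        if (!configFile.exists() || modified <= lastModified) {
            return;
        }
        // Stored before reading: a file that fails to load is not retried (and re-logged)
        // on every call, only after it has been modified again.
        lastModified = modified;
        Properties p = new Properties();
        try {
            LOG.info("Loading security roles from {}", configFile);
            // try-with-resources closes the stream; it used to be left open after load().
            try (FileInputStream in = new FileInputStream(configFile)) {
                p.load(in);
            }
            String roleList = p.getProperty("roles");
            if (roleList != null) {
                for (String role : BundleLists.parseBundleList(roleList)) {
                    // Locale.ROOT keeps the role name independent of the JVM's default
                    // locale (a Turkish locale upper-cases 'i' to a dotted capital I,
                    // which would no longer match names such as ROLE_ADMIN).
                    String securityRole = "ROLE_" + role.toUpperCase(Locale.ROOT);
                    if (!s_availableRoles.contains(securityRole)) {
                        LOG.info("Adding role {}", securityRole);
                        s_availableRoles.add(securityRole);
                    }
                }
            }
        } catch (Exception e) {
            LOG.warn("Can't load security roles from {}, because: {}", configFile, e.getMessage());
        }
    }
}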